From eae0587699be9e422abfeeefcbe5b2ac87d1b95d Mon Sep 17 00:00:00 2001
From: Martin Artnik <martin@scinote.net>
Date: Fri, 24 May 2024 14:55:48 +0200
Subject: [PATCH] Make API key auth togglable [SCI-6968]

---
 app/controllers/concerns/token_authentication.rb | 2 ++
 app/models/user.rb                               | 4 ++++
 app/views/users/registrations/edit.html.erb      | 2 +-
 config/initializers/api.rb                       | 2 ++
 4 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/controllers/concerns/token_authentication.rb b/app/controllers/concerns/token_authentication.rb
index 1bcb4aa24..4cc162aff 100644
--- a/app/controllers/concerns/token_authentication.rb
+++ b/app/controllers/concerns/token_authentication.rb
@@ -21,6 +21,8 @@ module TokenAuthentication
   end
 
   def authenticate_with_api_key
+    return unless Rails.configuration.x.core_api_key_enabled
+
     @api_key = request.headers['Api-Key']
     return unless @api_key
 
diff --git a/app/models/user.rb b/app/models/user.rb
index b1ea01d8c..4dd96792b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -629,6 +629,10 @@ class User < ApplicationRecord
       %w(id due_date age results status archived assigned tags comments)
   end
 
+  def api_key_enabled?
+    Rails.configuration.x.core_api_key_enabled
+  end
+
   protected
 
   def confirmation_required?
diff --git a/app/views/users/registrations/edit.html.erb b/app/views/users/registrations/edit.html.erb
index 958595cea..67e3cb404 100644
--- a/app/views/users/registrations/edit.html.erb
+++ b/app/views/users/registrations/edit.html.erb
@@ -36,7 +36,7 @@
       </div>
       <%= render partial: 'users/registrations/edit_partials/2fa' %>
 
-      <% if Rails.application.config.x.core_api_v1_enabled %>
+      <% if current_user.api_key_enabled? %>
         <%= render partial: 'users/registrations/edit_partials/api_key' %>
       <% end %>
    </div>
diff --git a/config/initializers/api.rb b/config/initializers/api.rb
index 29e4191b5..081e224fa 100644
--- a/config/initializers/api.rb
+++ b/config/initializers/api.rb
@@ -12,4 +12,6 @@ Rails.application.configure do
   config.x.core_api_v1_enabled = ENV['CORE_API_V1_ENABLED'] || false
 
   config.x.core_api_v2_enabled = ENV['CORE_API_V2_ENABLED'] || false
+
+  config.x.core_api_key_enabled = ENV['CORE_API_KEY_ENABLED'] || false
 end